Details
-
Bug
-
Resolution: Duplicate
-
Medium
-
None
-
6.0
-
6
-
Description
When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text.
This is a breach in security; the password should never be displayed in clear text on a web page.
Attachments
Issue Links
- duplicates
-
JRASERVER-29571 Session expiry pages may echo password in clear text
- Closed